Privacy Policy

INTRODUCTION

Elevate Credit International Limited (“Elevate”) is committed to safeguarding the privacy of your personal data.

Elevate is registered with the Information Commissioner’s Office (ICO) under registration number Z8907456.

We operate in the UK so if you choose to use our website from outside the UK, you do so at your own risk. This website is not targeted at customers outside the UK.

This Policy was created in May 2018 and provides information in respect of how we and others use your personal data.

HOW TO CONTACT US

Elevate Credit International Limited, is registered in England at 27/28 Eastcastle Street, London, W1W 8DH, under company number 05041905.

If you want ask us about our use of your personal data please contact us at dataprotection@sunny.co.uk

WHY IT’S IMPORTANT THAT YOU READ THIS

We want to try and make it as clear as possible what it is you are agreeing to when you provide your personal data to us.

When you apply for a loan with us or you provide personal information in respect of someone else’s loan application, you will be asked provide us with information (including name, address, phone number(s), email address, date of birth, income and expenditure information, bank and debit card details). This, and any other information from which you may be identified constitutes personal data.

You may also provide personal data when you speak with our customer services representatives or you update your online account information (My Account).

This policy sets out the basis upon which we will use, store, collect, disclose and transfer (individually or collectively referred to as processing) your personal data. It sets out the basis upon which we send you marketing, use cookies and share your personal data with third parties.

UPDATES

We may need to update this Policy at any time and without notice and when we do this we will inform you via your online account and/or by email.

OBVIOUS USES OF YOUR PERSONAL DATA

Application data

When you make an online application we ask you to provide a lot of personal data.

We need the personal data you provide to perform our contract with you, and more specifically for the reasons set out below, including to conduct checks prior to granting a loan, to complete the loan agreement with you, to manage your loan account and to collect payments and/or recover debt. We will also use it to contact you.

Credit Reference Agencies & Fraud Prevention Agencies

We will share your personal data with credit reference agencies (CRAs) and fraud prevention agencies (FPAs) as part of the regulatory requirements placed on us, to conduct creditworthiness and affordability assessments before entering into an agreement with you and to prevent financial crime.

Your personal data is also used for:

  • managing your account;
  • verifying the accuracy of the data you have provided to us;
  • debt recovery and debtor tracing.
All of the above processes are required for the performance of our contract.

These CRA and FPA searches will be recorded. Other credit providers may search these records. Your information may be linked to others living at your address. We may disclose information about how you conduct your account to third parties. We have a legitimate business interest to conduct this type of processing.

We are obligated to provide details back to CRAs and FPAs to inform them of the performance and repayment history of the loan account and suspected or discovered fraud. If you provide false information and/or we suspect fraud we will record this and may report our suspicions to appropriate law enforcement agencies.

We may continue to receive and exchange personal data with CRAs while you have a relationship with us. Please see the Account management section below.

The identities of the CRAs, their role also as fraud prevention agencies, the data they hold, the ways in which they use and share personal information, data retention periods and your data protection rights with the CRAs are explained in more detail and is accessible from each of the three CRAs. By clicking on any of these three links you will be taken to the same document:

Account management

We use your personal data to help us manage your loan account with us, this includes personal data you may amend if you update your online account.

Whilst your loan account remains active (whether or not you have an outstanding loan balance), we receive account management data from CRAs and FPAs to help us make decisions as to whether to make additional funds available for you to borrow. We have a legitimate interest in undertaking this process.

We may also share your personal data with third parties to assist in the collection of repayments and recovery of debt and/or if we assign the loan agreement to debt purchasers or if we were to sell our business.

Analysis

We use your personal data to undertake periodic statistical analysis and/or to ensure the suitability of existing and future products and services. This also helps us to better understand our customers' requirements so we can develop, improve and test products and services. This processing is undertaken as a legitimate interest of the business.

When you contact us

When you correspond with us by phone or e-mail you may also provide personal data. We use this to manage your loan application, your loan account and to respond to any questions or concerns you may have. Phone calls are recorded in the legitimate interests of our business quality and security standards.

LESS OBVIOUS USES OF YOUR PERSONAL DATA

Browsing patterns, interaction with our website and your equipment

Each time you visit our website, certain technical data about you is collected. In some cases this is collected by us and in some cases this is collected by third parties. This includes details about your equipment, browsing actions and patterns.

Our Cookie Policy explains what we collect and why and allows you to change certain preferences. It also explains when third parties collect data and how you can manage that.

INFORMATION WE SHARE WITH/OBTAIN FROM OTHER SOURCES

Third Parties Service Providers

  • Credit References Agencies & Fraud Prevention Agencies: Sometimes we obtain personal data from, and share personal data with CRAs and/or FPAs, to assist us and CRAs and in creating and/or improving risk models. We only use third party data if the relevant consent has been provided.
  • Payment services providers: Sometimes other businesses give us personal data about you which we may need for our legitimate interests of conducting business with you, and on occasion they are necessary to perform our contract with you. This happens when we link through to third party payment providers. They tell us whether you have/have not made payments.
  • Debt management companies, Insolvency Practitioners & CMCs: We are under a legal obligation to work with third parties to whom you have provided authority to act on your behalf. In so doing they may provide us with information about you and may request information about you.
  • Third party contractors/service providers: We may also engage third party contractors to provide us with technical or delivery services that are related to your loan account with us. We need these providers to provide us with their services for our legitimate interests of operating our business and our website effectively.
    A list of third party contractors/service providers we engage to handle your personal data can provided on request.
  • Consumer research: We may use third party providers to undertake consumer research to assist us in understanding consumer needs and preferences, so we can improve or develop our products and services and also so we ensure we target appropriate consumers.
  • Consumer feedback & Reviews: We may send you an email to participate in providing feedback or reviews via third parties such as TrustPilot and NPS. We do not share your personal data with them. If you participate please check their respective privacy policies.
  • Direct Marketing: We may use third parties to send direct marketing material on our behalf, to our customers or to target consumer audiences. Our use of third parties to distribute marketing is in the legitimate interests of our business. In all cases we ensure you have been given the opportunity to inform us that you do not want to receive marketing from us.

Professional Advisers:

We may also share your personal data with professional advisers such as our lawyers and insurers to manage risks and legal claims. This is in our legitimate interests.

Partnerships

We may also enter partnerships with third parties to exchange information about you where we think it will give you an opportunity to get a great product or service but we will always inform you about this and ask for your express permission to participate in this.

Advertisers:

We may provide suppliers of analytical services or advertising network and search engine providers with aggregate information about our users to help them reach certain demographics. We do not disclose information that identifies you as an individual.

Sometimes our website will use third party websites to make your log in easier (such as Facebook). Please be aware that by choosing to log in this manner, this connects your profile on that third party website with your profile on our website. Please read the privacy policy of all third party platforms operating this service.

We may also share your personal data with third party social media platforms (such as Facebook) in order to show you targeted ads when you visit Facebook. We do this by the use of cookies which capture your visits to our website. Please refer to our Cookie Policy for more information.

We may also provide these platforms with your email address to create ‘audiences’ of users fitting within a certain demographic/category so that we can target our marketing. The Facebook GDPR Portal explains these services in more detail. This use is in our legitimate interests of sending you direct marketing. Our Cookie Policy explains how you can adjust your cookies preferences.

If we offer you the opportunity to invite a friend to try our products using the contacts from a social network service (e.g. your Facebook friends or Gmail contacts then we will only do so with your permission and will only use those contacts for that purpose.

Group:

We may share your personal data within our group of companies in order to improve our products and services and because some of our internal support services are shared across the group. This is in our legitimate interests. Our parent company is Elevate Credit Inc. and they are based in the US. We have an inter-company agreement in place which requires our parent company to ensure that the appropriate safeguards are in place.

It is possible we could sell our business to a third party or re-organise our business or become insolvent. In that scenario, our database of customers is one of the biggest parts of that business and so we would need to share it with the third-party buyer and their advisers. This is in the legitimate interests of selling our business.

Law Enforcement/Legal Compliance:

We will co-operate with all third parties to enforce their intellectual property or other rights. We will also cooperate with law enforcement requests from within or outside your country of residence. This may include disclosing your personal information to government or law enforcement agencies, or private parties, when we have a good faith belief that disclosure is required by law or when we, in our discretion, believe that disclosure is necessary to protect our legal rights, or those of third parties and/or to comply with a judicial proceeding, court order, fraud reduction or legal process served on us. In such cases, we may raise or waive any legal objection or right available to us. These uses of your personal data are in our legitimate interests of protecting our business security. We may also use your personal data and share it with the recipients listed in this policy for the purpose of complying with our legal obligations.

MARKETING

We only send electronic marketing such as email or SMS marketing to people who have provided the relevant consent for us to do so. We will always offer an unsubscribe facility so you can opt out of receiving this marketing when you first make a loan application and in every marketing communication afterwards. We may on occasion send out postal marketing for the purpose of growing our sales which is in our legitimate interests and in this scenario we will rely on you to let us know if you do not want to receive this by opting out of the marketing. To opt-out please email us at unsubscribe@sunny.co.uk

You also give us personal data such as contact information when you enter one of our competitions. In these circumstances you are giving us these details to participate. These functions only operate on our website on an opt-in basis and so we rely on your consent to use your personal data in this way.

You also give us your personal data when you participate in discussion boards or other social media functions which we may use from time to time on our website. Operating these discussion boards allows you to share your views with our other customers. This processing of data is in the legitimate interests of the business.

AUTOMATED DECISION MAKING

In the majority of cases our lending decisions rely solely on automated decision making and we have a legitimate interest in doing so as our business is solely online and requires decisions to be made consistently and in respect of a number of data points, to ensure we lend responsibly and have undertaken affordability and creditworthiness assessments, in accordance with regulatory requirements.

WHERE WE SEND YOUR PERSONAL DATA AND WHERE WE STORE IT AND FOR HOW LONG?

The personal data that we collect from you will be stored in the UK, however it will also be transferred and stored as follows:

  • We use the following ‘cloud providers’ to provide us with technical solutions. These include Microsoft Azure and Amazon Web Servers (AWS). Their GDPR portals explain where they store the personal data we provide to them and how they provide us with adequate safeguards to protect your personal data.
  • We provide personal data to our parent company. These transfers occur in accordance with an inter-company transfer agreement between the companies.

We only store your personal data for as long we need it. Details of our records retention policy is available upon request. To determine the appropriate period we consider the nature of the personal data, its sensitivity, the potential for harm and the regulatory requirements placed upon us. We may delete your personal data on your request – please refer to Your Rights and we may hold a list of the ‘opt out’ requests to record these requests.

SPECIAL CATEGORIES OF PERSONAL DATA

You may provide us with following special categories of personal data. This is required for the performance of the contract. Card details are encrypted. Other information is held securely.

  • bank records;
  • card details;
  • utility bills;
  • identification records;
  • information pertaining to your health; and
  • information concerning your financial status.

PROTECTING YOUR PERSONAL DATA

All information you provide to us is stored on our servers and we have implemented reasonable and appropriate security measures to protect your personal data including limiting access to key personnel and utilising user names, passwords, encryption and anonymisation where appropriate. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee that data breaches will never occur. Please keep your password safe at all times and log out of inactive sessions. Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites. Please do not provide us with any other person’s data unless we have specifically prompted you to do so.

For safety purposes, we may require users to verify their accounts (because we want to make sure you are not a robot or a minor). However, with the prevalence of ‘phishing’ you should treat all such emails with caution. We advise that you check our main website by typing in the full address (and not using a ‘cached’ copy of the website on your device) and use the contact details on our website to contact us to verify the request. We also do not recommend that you put email addresses, URLs, phone numbers, full names or addresses, credit card details or other identifying or sensitive information in any online chat function or public profile.

Our products are not aimed at children and neither is our website.

YOUR RIGHTS

You have various rights under law that assist you with verifying our lawful use of your personal data.

Please refer to our policy for further information here

COMPLAINTS

You may complain to your local supervisory data protection authority about us depending on where you are located. In the UK, please read: https://ico.org.uk/make-a-complaint/ for details of how to do this.